Bug 1666342

Summary: 0.8.6 breaks server-side host key algorithm negotiation
Product: [Fedora] Fedora Reporter: Martin Pitt <mpitt>
Component: libsshAssignee: Anderson Sasaki <ansasaki>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: high    
Version: rawhideCC: ansasaki, asn, jfch, mpitt, negativo17, rdieter, redhat-bugzilla
Target Milestone: ---Keywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libssh-0.8.6-2.fc30 libssh-0.8.6-2.fc29 libssh-0.8.6-2.fc28 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-01-18 02:14:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1666289    

Description Martin Pitt 2019-01-15 15:08:51 UTC 
Description of problem: Version 0.8.6 introduced a regression in the server extensions negotiation. This gets detected by cockpit-ssh's unit tests, which now fail like:


cockpit-ssh 127.0.0.1:43923: -1 couldn't connect: Public key from server (rsa-sha2-512) doesn't match user preference (ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-dss) '127.0.0.1' '43923'

This got fixed upstream in

   https://git.libssh.org/projects/libssh.git/commit/?id=27fe60954c

The bodhi update for F28/F29 (https://bodhi.fedoraproject.org/updates/FEDORA-2019-1381778f11) was stopped early enough, but this still affects rawhide.

Can you please backport the fix, or release a new 0.8.7?

Version-Release number of selected component (if applicable):

libssh-0.8.6-1.fc30

How reproducible: Always

Steps to Reproduce:
1. build cockpit, run "make check"
Comment 1 Anderson Sasaki 2019-01-15 17:25:39 UTC 
Hello! I've backported the patches and rebuilt the package. Can you check if it works for you?
Comment 2 Martin Pitt 2019-01-16 09:22:27 UTC 
I confirm that https://koji.fedoraproject.org/koji/buildinfo?buildID=1179966 fixes this, thank you for the fast update!
Comment 3 Fedora Update System 2019-01-16 15:48:35 UTC 
libssh-0.8.6-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2019-7a091c607c
Comment 4 Fedora Update System 2019-01-16 15:49:46 UTC 
libssh-0.8.6-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-ffe989a349
Comment 5 Fedora Update System 2019-01-17 02:11:22 UTC 
libssh-0.8.6-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-ffe989a349
Comment 6 Fedora Update System 2019-01-17 02:50:28 UTC 
libssh-0.8.6-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-7a091c607c
Comment 7 Fedora Update System 2019-01-18 02:14:04 UTC 
libssh-0.8.6-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2019-01-22 01:34:45 UTC 
libssh-0.8.6-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.